3923 Commits

Author SHA1 Message Date
Glenn Strauss 28f1d010d2 [core] improve HTTP/2 behavior w/ max-request-size
improve HTTP/2 behavior when server.max-request-size reached

accept slightly more data than max-request-size if END_STREAM flag recvd

reduce rwin so that client may exceed server.max-request-size, but not
by much.  (client might ignore and might send a firehose of data anyway)
accept up to 64k more data to potentially sink data that was in-flight
beyond the rwin, in order to allow server to send 413 Payload Too Large
before resetting the stream.
2021-05-07 16:39:52 -04:00
Glenn Strauss b288eeafaa [core] http_response_send_file() mark cold paths 2021-05-06 17:35:00 -04:00
Glenn Strauss 2097fe441b [mod_extforward] shared mod_extforward_bad_request 2021-05-06 17:35:00 -04:00
Glenn Strauss 6c40f997b9 [core] merge http_response_send_file 0-size case
merge http_response_send_file 0-sized file special case
(historically was a short-circuit before Range handling,
 but Range handling has been rewritten and moved elsewhere)
2021-05-06 17:35:00 -04:00
Glenn Strauss 4c12d7da08 [core] tighten code in request_check_hostname() 2021-05-06 17:35:00 -04:00
Glenn Strauss 060be714be [mod_auth] include unistd.h for crypt() on Mac OS 2021-05-06 17:35:00 -04:00
Glenn Strauss a473d48c43 [core] consolidate overflow checks in li_to_base64 2021-05-06 17:35:00 -04:00
Glenn Strauss bc572e1c56 [core] base64_charset enum supports only 2 tables 2021-05-06 17:35:00 -04:00
Glenn Strauss 6de4c809c9 [core] buffer_append_base64_encode_opt()
with option to include or omit padding

single func to handle both:
- buffer_append_base64_encode_no_padding
- buffer_append_base64_encode
2021-05-06 17:35:00 -04:00
Glenn Strauss 6f942adfe0 [core] li_to_base64 alt code to add padding 2021-05-06 17:35:00 -04:00
Glenn Strauss 5e39c81ff2 [core] li_base64_decode mark cold code path 2021-05-06 17:35:00 -04:00
Glenn Strauss 099dc83fbe [core] li_base64_decode similar to li_to_base64 2021-05-06 17:35:00 -04:00
Glenn Strauss 871ef50eff [build] --with-nss add test for /usr/include/nspr4
  "nspr header location"
2021-05-06 17:35:00 -04:00
Glenn Strauss 57c8b3287d [mod_staticfile] move cold paths to separate func 2021-05-06 17:35:00 -04:00
Glenn Strauss 9a5e1652be [multiple] static file optimization; reuse cache
reuse cache lookup in common case of serving a static file
rather than repeating the stat_cache_entry lookup
(which is more work than memcmp() to re-check stat_cache_entry match)
2021-05-06 17:35:00 -04:00
Glenn Strauss 7ff6adc44c [core] tolerate dup array config values if match
tolerate duplicated array config values if identical key and value
(still issue warning trace)
2021-05-06 17:35:00 -04:00
Glenn Strauss 92d467b45e [TLS] ALPN h2 policy
HTTP/2 requires that TLS protocol >= TLSv1.2
HTTP/2 requires that TLS record compression be disabled
HTTP/2 requires that TLSv1.2 renegotiation be disabled

HTTP/2 requires that TLS SNI extension be presented with ALPN h2
  (not enforced;
   SNI omitted by client when connecting to IP instead of to name)

RFC 7540 9.2 Use of TLS Features
"Implementations are encouraged to provide defaults that comply,
 but it is recognized that deployments are ultimately responsible
 for compliance."

If TLS record compression or renegotiation are for some reason required
(which is strongly discouraged), then disable HTTP/2 in lighttpd with
  server.feature-flags = ("server.h2proto" => "disable")
2021-05-06 17:34:58 -04:00
Glenn Strauss 9ac307ec14 [mod_authn_file] wipe password/digest after use
slurp password/digest file into memory and then clear after use
(avoid stdio, which buffers by default and does not wipe those buffers)

password/digest files are not expected to be very large
e.g. a password file with 1000 entries is expected to be < 64k
If files are larger, mod_authn_dbi or other mod_authn_* is recommended
2021-04-29 09:19:56 -04:00
Glenn Strauss 13ea2d880b [core] consistent inclusion of sys-time.h 2021-04-28 14:08:29 -04:00
Glenn Strauss a1eba3c89b [core] reuse code to parse backend response
reuse code to parse backend response (http_header_parse_hoff())
2021-04-27 15:13:40 -04:00
Glenn Strauss 3a845f7bec [mod_webdav] quiet pedantic compiler warning 2021-04-27 14:03:06 -04:00
Glenn Strauss 1db8da2fb6 [mod_expire] send only Cache-Control to >=HTTP/1.1
HTTP/1.1 dictates that Cache-Control overrides Expires if both present.
Therefore, send only Cache-Control to HTTP/1.1 requests.  This means
that if an intermediary upgraded the request to HTTP/1.1, and the actual
client sent HTTP/1.0, then the actual client might not understand
Cache-Control when it may have understood Expires.  RFC 2616 HTTP/1.1
was released June 1999, almost 22 years ago (as this comment is written).
If a client today is sending HTTP/1.0, chances are the client does not
cache.  Avoid the overhead of formatting time for Expires to send both
Cache-Control and Expires when the majority of clients are HTTP/1.1 or
HTTP/2 (or later).
2021-04-27 03:04:19 -04:00
Glenn Strauss 6b6252a3ba [core] move timegm() impl inline in sys-time.h
(for systems without timegm())
2021-04-26 12:50:20 -04:00
Glenn Strauss c2feb3e1ad [mod_expire] check for default if mime not found
check for default caching if mime-type not found in expire.mimetypes
2021-04-26 08:59:34 -04:00
Glenn Strauss 885d956edb [core] recognize "enabled"/"disabled" for bool
(in addition to "enable" and "disable")
2021-04-25 15:47:23 -04:00
Glenn Strauss e20e8e4686 [mod_webdav] accept alt syntax in webdav.opts 2021-04-25 15:46:59 -04:00
Glenn Strauss 1d478003d5 [mod_expire] accept time labels without plural 's' 2021-04-25 04:52:41 -04:00
Glenn Strauss a7b95c5b6a [mod_expires,mod_webdav] fix truncated date string
(bug on master branch)
2021-04-24 04:26:07 -04:00
Glenn Strauss 81d18a8e35 [core] discard some HTTP/2 DATA after response (fixes #3078)
(thx oldium)

improve handling of HTTP/2 DATA frames received
a short time after sending response

  "POST request DATA part for non-existing URI closes HTTP/2 connection prematurely"
2021-04-23 07:43:15 -04:00
Glenn Strauss 3392e8fb11 [core] update ls-hpack
LiteSpeed ls-hpack v2.3.0
2021-04-20 22:04:56 -04:00
Glenn Strauss 7d27dd9a72 [mod_nss] define TLSv1_3 as bitflag 2021-04-16 07:07:09 -04:00
Glenn Strauss b2b15d9165 [core] exit 0 upon shutdown if no connections open 2021-04-07 16:31:55 -04:00
Glenn Strauss 84c518ead0 [scons] link lighttpd with pcre for static build 2021-04-07 01:28:51 -04:00
Glenn Strauss 39f6fce7f7 [scons] link lighttpd with pcre for fullstatic 2021-04-07 01:16:51 -04:00
Glenn Strauss f13752f3da [multiple] quiet coverity warnings
includes rejigger of some code in buffer.c for Coverity to have better
visibility into what is happening in internal, private funcs
2021-04-07 01:06:55 -04:00
Glenn Strauss fccf2b768c [mod_dirlisting] ignore error if include file fail
(e.g. continue if include file does not exist)
2021-04-07 00:37:09 -04:00
Glenn Strauss 8e14cdc5c5 [mod_webdav] always define webdav_mmap_file_chunk
(previously was defined only if mod_webdav was built with
PROPPATCH and/or LOCK support)
2021-04-07 00:20:46 -04:00
Glenn Strauss 579045de84 [mod_openssl] issue error trace if < openssl 1.1.1 2021-04-06 22:52:56 -04:00
Glenn Strauss 454ecaa5f9 [TLS] rename*file options
rename to reflect use for verifying client certificate
(old names are still accepted, but are discouraged)     ->  -> ->
2021-04-06 22:31:08 -04:00
Glenn Strauss 325d89b99f [multiple] more reuse of http_date_time_to_str() 2021-04-05 13:24:51 -04:00
Glenn Strauss c41ebea4bb [build] fix zstd option in meson (fixes #3076)
(thx KimonHoffmann)

  "Fix zstd dependency handling in meson build"
2021-04-05 13:24:51 -04:00
Glenn Strauss 82abd16dd7 [mod_proxy] send HTTP/1.0 to backend if no Host
send HTTP/1.0 request to backend if no Host header sent with request

(If Host header is present with an HTTP/1.0 request from client, then
 lighttpd can still make an HTTP/1.1 request to backends)
2021-04-05 13:24:51 -04:00
Glenn Strauss 20a68d7301 [core] vector.h tweaks 2021-04-05 13:24:51 -04:00
Glenn Strauss 7283c43566 [mod_webdav] limit mem use under extreme condition
limit memory use under extreme conditions (edge cases)
2021-04-05 13:24:51 -04:00
Glenn Strauss c6362e127f [mod_webdav] webdav_log_xml_response()
log XML response from chunkqueue instead of taking single buffer
(webdav.log-xml = "enable")

(prep for future changes)
2021-04-05 13:24:51 -04:00
Glenn Strauss 378bc0343f [mod_dirlisting] dir-listing.cache option
dir-listing.cache = ( "path" => "...",  # path to cache root
                      "max-age" => 15 ) # max age (default 15 sec)

Simple cache of directory listing.  Generating directory listing
on large directories can be expensive.  Cache listing for reuse.

This option is for convenience to improve the performance of
directory listings on busy servers, and requires very little
effort for web server admin to enable.

For even better performance on busy servers, the directory listings
could be (externally) generated into index.html files, and mod_indexfile
could be used instead of mod_dirlisting.  When directories are modified,
an external trigger could regenerate index.html.
2021-04-05 13:24:51 -04:00
Glenn Strauss 94359ac956 [mod_dirlisting] parse query string in javascript
parse (optional) query string in javascript to affect initial list sort
(which is also done in javascript)

This change allows the server-generated page to be cachable,
as the response is now independent of the query string.
2021-04-05 13:24:51 -04:00
Glenn Strauss fa4e2b87c5 [mod_dirlisting] upper limit on parallel dirlist
set upper limit of 1/16 max_conns for parallel dirlist
  (per lighttpd worker)
or else set 503 Service Unavailable with Retry-After: 2

attempt to avoid "livelock" scenarios or starvation of other requests

1/16 max_conns (default 85) is still a high arbitrary limit;
 and limit applies only to directories larger than DIRLIST_BATCH-2
 (DIRLIST_BATCH is currently 32)
2021-04-05 13:24:46 -04:00
Glenn Strauss 8d4da3392c [mod_dirlisting] read dir in pieces; less blocking
read dir in pieces, allowing server to do other work between reads

(avoid potentially blocking other requests for long periods of time
while reading a large directory)
2021-04-02 01:16:42 -04:00
Glenn Strauss 376aea0320 [mod_dirlisting] restructure and keep state
restructure into smaller subroutines and keep persistent state
2021-04-02 01:16:42 -04:00